Web application pen tests from our CREST and OSCP-certified security experts.
Get a quote
Analyze the security of your web app from a user perspective. Auditing the admin portal of your web application will reveal vulnerabilities including SQL injection, session fixation, privilege escalation and cross-site request forgery (CSRF).
This is the most common type of web application test. Our penetration testers will identify vulnerabilities in publicly-visible networks that could be exploited by users who do not have access credentials.
If your web app has an API then it is vital to check this for vulnerabilities as part of your penetration test. Our experts will work with you to ensure that this is covered as part of your test scope where applicable.
We will carefully analyze all aspects of your web app with advanced tools and manual expertise.
Your CREST-certified penetration tester will search for and expose a range of security weaknesses, including:
If any web app vulnerabilities are found, your tester will provide details about how they were exploited, including actionable remediation advice to help you fix them.
When you get a penetration test with Defense.com™, your report will be hosted in our secure web platform. This will detail each vulnerability found during the test and provide you with actionable remediation advice.
In addition to your PDF report, you can use Defense.com™ to quickly identify, prioritize and manage each threat, saving you time and resources.
After your pen test you’ll also get 12-months access to extra tools in Defense.com™, including:
Alternatively, you can choose a Defense.com™ Enterprise package to get even more features included alongside your pen test. Contact us to find out more and to get a quote.
Get a quote
We pride ourselves on building and developing the best cyber talent to ensure our service is as evolutionary as the threat landscape. Our team of 30+ penetration testers are qualified against the leading industry standards and have years of experience delivering all types of penetration tests.
Most penetration testing follows a 6-step lifecycle:
Mike Slater Head of IT, AgilicoI couldn’t have been more pleased with the service from Defense.com™, the team are always on hand for support and are quick to respond. I found the digital reporting through the platform particularly beneficial as it enabled us to clearly understand the risks, and quickly remediate them with the helpful guidance provided.
Whilst all web app penetration tests have the same goal of uncovering security weaknesses, there are different areas to consider:
We usually recommend a blend of all three testing types to get the most value from your penetration testing engagement and understand all of the possible risks to your web application.
To scope a web application penetration test and for you to get the most value out of it, the tester would first need to establish the rules of engagement and what the end goal is for the web app pen test.
A scope would include gathering as much information about the target as possible, identifying all the web applications that require testing, and whether the test will be authenticated or unauthenticated.
Your penetration tester will provide you with a detailed list of all vulnerabilities found during your web app pen test, including how they could be exploited.
Your web application pen test results will be hosted in our secure Defense.com™ platform and automatically sorted in order of criticality. You’ll then have a prioritized list of vulnerabilities to fix, along with actionable advice to help you remediate each threat.
The duration of a web application penetration test will be determined by the size and complexity of the scope. For example, the greater the number of applications to test, the longer the web app pen test will take. Once the pen tester has understood the business, the number of applications to be assessed, and the desired outcomes of the web app pen test, they will be able to assign a timeframe for the duration of the test.
